Taking action


A year on, with nearly 60,000 data breaches reported in Europe within the first three months of GDPR, last year UK companies paid £1,428,000 in GDPR fines. TransWorldCom’s MD Paolo Sartori offers commentary on steps to take following a data breach

Since GDPR came into place last May, data breaches have been at the forefront of many companies’ focus. Breaching GDPR could cost a company vast sums if the appropriate actions are not taken following a breach. The fine for breaking GDPR rules currently stands at €20 million or 4% of the company’s revenue, whichever is higher.

Whether it is carried out by a cyber-criminal distributing malware or an employee mistakenly sending out email addresses, data breaches are becoming increasingly common. What many companies are unaware of is the steps that they need to take once they have fallen victim to a data breach.

Paolo Sartori, Managing Director, TransWorldCom

Managing Director of, cyber-security specialists, TransWorldCom, Paolo Sartori, gives commentary on what all businesses need to do once they have realised their data has been breached:

“What is key when it comes to data protection is education. This stands true for both avoiding a breach and also addressing it. There are five important tasks that need to be completed following a data breach in order to remain complicit with GDPR legislation. Firstly, the breach needs to be located and stopped. It then needs to be understood how the breach occurred and the scale of the breach. Thirdly, the business needs to notify all those who may have been affected by the breach, take advice from compliance and, where necessary, the ICO. Following this, internal security procedures need to be looked at and the current estate needs to be audited for existing and further vulnerabilities. Finally, the company needs to change and update process for the preparation, control and recovery from future attacks.”

Pictured: Paolo Sartori, Managing Director, TransWorldCom